Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » Django
  • » How to verify the content-type & charset of uploaded file? [RSS Feed]

#1 Dec. 26, 2010 04:31:22

A.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

How to verify the content-type & charset of uploaded file?


In the doc (http://docs.djangoproject.com/en/1.2/topics/http/file-uploads/#uploadedfile-objects) it is stated that:

"UploadedFile.content_type
The content-type header uploaded with the file (e.g. text/plain or
application/pdf). Like any data supplied by the user, you shouldn't
trust that the uploaded file is actually this type. You'll still need
to validate that the file contains the content that the content-type
header claims -- "trust but verify."

"UploadedFile.charset
For text/* content-types, the character set (i.e. utf8) supplied by
the browser. Again, "trust but verify" is the best policy here."

So how do I verify the content-type & charset of uploaded file?

Thanks.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#2 Dec. 27, 2010 17:18:19

Bill F.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

How to verify the content-type & charset of uploaded file?


This is something of an artificial intelligence problem.

First, if it claims to be ASCII and contains bytes with the high bit set, be
suspicious. If it claims to be UTF-8 (or another UTF encoding), see if
python can "decode" it into a unicode string (there may be an external
app that will try this).

For application specific types, start by checking the magic numbers.
(On *nix use the "file" command or its magic number database.)

If it claims to be an image, see if PIL can read it.

There are similar possibilities for PDF, and probably others.


And ask some virus scanner about it. (F-prot, I believe, is one that is
available for *nix.)


As far as I know, it's probably at least as hard as you originally thought.
At least, I don't know of any shortcuts.


Bill


On Sat, Dec 25, 2010 at 11:31 PM, Andy <selforgani...@gmail.com> wrote:
> In the doc (http://docs.djangoproject.com/en/1.2/topics/http/file-> uploads/#uploadedfile-objects) it is stated that:
>
> "UploadedFile.content_type
> The content-type header uploaded with the file (e.g. text/plain or
> application/pdf). Like any data supplied by the user, you shouldn't
> trust that the uploaded file is actually this type. You'll still need
> to validate that the file contains the content that the content-type
> header claims -- "trust but verify."
>
> "UploadedFile.charset
> For text/* content-types, the character set (i.e. utf8) supplied by
> the browser. Again, "trust but verify" is the best policy here."
>
> So how do I verify the content-type & charset of uploaded file?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
>http://groups.google.com/group/django-users?hl=en.
>
>

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

  • Root
  • » Django
  • » How to verify the content-type & charset of uploaded file? [RSS Feed]

Board footer

Moderator control

Enjoy the 24th of August
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support